This blog post covers the most notable cyber-security events of the previous week, including the zero-day vulnerabilities in Windows, a massive cyber espionage campaign targeting Cisco, Citrix and Zoho devices, and more.
Last week Microsoft has warned of targeted attacks actively exploiting two zero-day remote code execution (RCE) vulnerabilities affecting the Windows Adobe Type Manager Library. The flaws affect devices running desktop and server Windows versions, including Windows 10, Windows 8.1, Windows 7, and multiple versions of Windows Server.
According to Microsoft, the two RCE-flaws exist due to a way the Windows Adobe Type Manager Library handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. The vulnerabilities could be exploited by tricking a user into opening a specially crafted document, or viewing it in the Windows Preview pane.
The tech giant has not disclosed the information about attacks the vulnerabilities were exploited in, or who might have been behind them.
Security researchers at Trustwave have disclosed an interesting attack on one of their customers involving a fake BestBuy gift card and a malicious USB thumb drive. When plugged into a PC this USB drive would download a malware designed to steal system information from infected host.
FireEye researchers have published details about a hacking campaign targeting organizations worldwide, which they described as "the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."
The operation, which is believed to be conducted by Chinese cyber espionage group APT41, targeted flaws in popular business applications and devices from companies such as Cisco, Citrix and Zoho.
The list of targeted industries includes banking/finance, construction, defense industrial base, government, healthcare, high technology, higher education, legal, manufacturing, media, non-profit, oil & gas, petrochemical, pharmaceutical, real estate, telecommunications, transportation, travel, and utility sectors.
Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, has shut down after being hacked for the second time in 16 months. Nearly 7,600 dark web sites have been taken offline following the attack, during which an entire database was deleted from the web host portal by an attacker.
According to the DH’s founder Daniel Winzen, the hack only affected the DH backend database account, but not the accounts of users who had been hosting sites on the DH hosting platform. It is still unclear, how the hack happened or which hacker group is behind it.
Antivirus firm Kaspersky has reported about a mysterious group of hackers that is attacking organizations from the Middle East industrial sector with a never-before-seen backdoor dubbed Milum.
The campaign dubbed WildPressure was discovered in August last year. The researchers were able to sinkhole of the C2 domains used by the APT group and discovered that the vast majority of visitor IPs were from the Middle East, specifically from Iran, while the rest were network scanners, TOR exit nodes or VPN connections.
As of yet, the Milum’s spreading mechanism is unknown, and it is still unclear who is behind the campaign.